
From: "Theo de Raadt" <deraadt@openbsd.org>
Subject: Re: kern_pledge, allow sysctl hw.model & hw.cpuspeed
To: Fabien Romano <fabienromano@gmail.com>
Cc: Tobias Heider <tobias.heider@stusta.de>, tech@openbsd.org
Date: Thu, 20 Jun 2024 16:29:47 -0600

> I would like so much. I can't do that without a lot of effort. I don't know a
> lot about electron internals yet but, depending on how the software is designed,
> it starts directly into the chromium sandbox then loads its nodejs app & modules.

But instead you propose that everyone else put in a lot of effort.

When anything new is allowed by pledge, we must audit *all software* that
uses pledge, to see if there is a downside.

Yes, for two sysctl nodes that seems a bit melodramatic.  But the current
sysctl exposure was selected because a lot of software does it.  Not just
1 piece of software.

And you aren't even done making it work.  Will you return a couple more
times with further requests?  At some point, big software cannot be
pledged, because it is big and believes it can do everything.